OS-NMA: How to protect space data to protect ourselves
As GPS/GNSS technology advances and becomes more reliable, we increasingly depend on accurate positioning and timing in various aspects of our lives. However, with this dependence comes vulnerability to jamming and spoofing attacks, which can have severe consequences, particularly for safety-critical applications. To address these vulnerabilities, Galileo has developed the OS-NMA authentication service, which allows secure transmission of the navigation message from Galileo satellites to GNSS receivers.
As GPS/GNSS technology becomes more advanced and reliable, we are increasingly relying on accurate positioning and timing in various aspects of our lives. For example, GNSS time is used to synchronize telecom and energy grids, while precise positioning is necessary for navigating drones and autonomous cars, as well as precision farming and construction machinery.
As new use cases continue to emerge, our dependence on GNSS is growing globally. This highlights the need for a secure and reliable communication channel between satellites and receivers to ensure trustworthy and assured Positioning, Navigation, and Time (PNT), particularly in critical and industrial applications.
However, the increasing reliance on GNSS has brought to light its vulnerability to jamming and spoofing attacks, which can cause service disruptions or denial incidents. Such incidents are becoming more frequent and can have potentially severe consequences, especially for safety or liability critical applications.
To address these vulnerabilities, GNSS authentication plays a vital role in ensuring the trustworthiness of PVT (Position, Velocity, and Time) based applications. Although it is not the only factor that contributes to overall trustworthiness, authentication is essential for detecting spoofing events and avoiding or mitigating their consequences.
To further improve navigation reliability, the European GNSS system, Galileo, has developed the OS-NMA authentication service, which allows secure end-to-end transmission of the navigation message from Galileo satellites to OS-NMA-enabled GNSS receivers. OS-NMA (Open Service Navigation Message Authentication) will soon be available free of charge to users and has recently moved into the final testing phase. As EUSPA’s long-term partner, Rokubun has participated in the validation activities of OS-NMA in the frame of EUSPA’s funded project BANSHEE. Today Rokubun is getting successful results from the OS-NMA tests conducted by Rokubun for the validation of the integration of an OS-NMA client in our SPEAR Positioning Engine.
What is OS-NMA and how does it work?
OS-NMA is an essential technology that is a part of a larger collection of technologies designed to protect GNSS receivers from interference. Two common types of interference are jamming and spoofing, which occur when strong radio signals overpower weak GNSS signals on the same frequency. Jamming is a type of interference that causes loss of positioning availability by overpowering the receiver with a power peak that masks the GNSS signal. Spoofing is a more sophisticated type of interference that tricks a receiver into calculating a false location by sending fake GNSS signals to the receiver via a nearby radio transmitter.
The issue of jamming and spoofing is growing in severity every year, as highlighted in various news reports. A GPS interference incident in October, which rendered navigation unreliable within 40 nautical miles of the Dallas Fort Worth airport in Texas, is just one example. Additionally, Russian ships have been attempting to evade sanctions or use these tactics as a form of cyberweapon, posing a threat closer to our borders. Even Josep Borrel, the High Representative of the Union for Foreign Affairs and Security Policy, emphasizes the importance of securing space to prevent it from being turned into a battlefield.
To protect Galileo signals from spoofing, OS-NMA provides authentication of navigation data that contains vital information on satellite location. Navigation data security is crucial because any alteration of this data could result in incorrect positioning calculation.
OS-NMA is a technology that ensures the authenticity of Galileo navigation data through a hybrid cryptography technique. The technique combines symmetric and asymmetric cryptography, and a confidential key stored on the satellite is used to generate a digital signature. The signature, along with the key, is attached to the navigation data and transmitted to the receiver. This process provides a secure and reliable method of ensuring that the navigation data comes from the Galileo constellation and not from a third party attempting to spoof the signals. By sending cryptographic signatures with the navigation data, OS-NMA provides a level of security that protects against spoofing and ensures that the positioning data is reliable.
Use cases
OS-NMA has many potential applications. The European Union Agency for the Space Programme (EUSPA) is regularly consulting with industry and end users to assess market demand but, in general, OS-NMA is expected to benefit many areas such as logistics, mobile payments, autonomous driving, and more. It is a clear differentiator for Galileo and its availability will modify the market perception and maturity.
At Rokubun, we have been validating the use of OS-NMA for specific drone surveillance use cases, such as detecting illegal fishing. However, the potential applications are multiple and even more, the use of OS-NMA can leverage some of them. In the following image, you will see some potential applications detected by EUSPA:
SPEAR Module for authentication
Rokubun’s location SW stack, SPEAR, includes an OS-NMA client to authenticate the Galileo navigation message. In the framework of the BANSHEE project, Rokubun conducted some OS-NMA tests to validate the integration of the OS-NMA service into our SPEAR Positioning Engine. The tests included a real-time test campaign at the European Commission Joint Research Centre (JRC) facilities in Ispra, Italy, as well as post-process tests with static datasets provided by the European Union Agency for the Space Programme (EUSPA).
During the testing, different OS-NMA configurations were used to test the authentication process steps separately. Additionally, end-to-end real-time tests were conducted at the JRC facilities to test the implementation of OS-NMA under nominal and spoofed conditions. The test campaign at JRC successfully took place on February 27th and 28th, 2023, using Rokubun's MEDEA GNSS computer based on an u-blox ZED-F9P chipset plus an application processor (see Figure 4).
The test plan included spoofing detection with simulated data and live counterfeit signals, and was iterated with the JRC engineers for validation The tests were successful, and the outcome of the results validated the implementation of the OS-NMA client in the SPEAR processing engine. Figure 5 shows the front-end of Rokubun’s MEDEA, powered by SPEAR Positioning Engine, in different conditions: on the left when OS-NMA authentication is successful and on the right when spoofing is detected and OS-NMA validation errors are thrown.
The real-time tests conducted at JRC together with EUSPA's post-processing test vectors demonstrated the successful integration of the OS-NMA client in SPEAR, showcasing the positioning engine's correct performance in using OS-NMA for spoofing detection.
We can conclude that OS-NMA is a crucial technology that ensures the authenticity of Galileo navigation data through a hybrid cryptography technique. This technology will become an essential part of protecting GNSS receivers from interference, particularly spoofing and jamming attacks, which can have severe consequences, specially in critical infrastructure. OSNMA has many potential applications in various industries, such as logistics, mobile payments, and autonomous driving and Rokubun is leading the way by successfully validating the integration of the OS-NMA service into its SPEAR Positioning Engine. With the availability of OS-NMA, Galileo will have a clear advantage over other GNSS systems, and its availability will help to prevent major security issues in land, sea and air.